New York Times site slow to return for some users after cyber attack

The Syrian Electronic Army, a hacktivist group that supports Syrian President Bashar al-Assad, has claimed responsibility for the attack on the Times site.

Two days after hackers took down the New York Times website, some readers were still having trouble accessing it Thursday.

The Times' website went down for several hours Tuesday after an attack for which the Syrian Electronic Army, a hacktivist group, claimed responsibility.

Marc Frons, chief information officer at the Times, told employees Tuesday that the SEA "or someone trying very hard to be them" had launched the attack on Melbourne IT, the company's domain name registrar.

The culprits rerouted traffic directed at the Times to other addresses. The Times' computer system wasn't compromised internally.

Melbourne IT said it had fixed the problem by 5 p.m. ET Tuesday, but some users were still having problems accessing the Times site on Wednesday and Thursday. The Times said in an email to readers Thursday afternoon it expected all access to be restored for all users by the end of the day.

Melbourne IT chief technology officer Bruce Tonkin said in an email that users who attempted to access the site while it was down had the incorrect domain records stored temporarily on their computers or servers. It's the computer equivalent of having the wrong telephone number.

After the records are updated for those users, their computers or servers will be able to access nytimes.com again.

"A rough rule of thumb when trying to make an intentional change to a [domain name system] setting is that it will take 48 hours for the change to fully propagate to all users on the Internet," Tonkin said.

Readers who didn't try to access the site while it was down shouldn't have any problems, he added.

Times spokeswoman Eileen Murphy said Thursday that the company was adopting additional security measures "given the vulnerabilities that this incident exposed at the registrar level."

Melbourne IT said it was reviewing what other layers of security it could add. It recommended that clients utilize special security features to lock their domain names, which the Times apparently hadn't done.

Alex McGeorge, senior security researcher at Immunity Inc., said the attack underscored the importance of vetting business partners for security weaknesses.

"I think the lesson for companies is that if you've got something that's this significant and this sensitive, you need to demand that the people that provide services to you undergo security audits and make those results available to you," he said.

Earlier this month, the Syrian Electronic Army breached a news recommendation engine that provides links on news sites including CNN, The Washington Post and Time.